New Report from NSFOCUS Analyzes 27 Million Attacks in H1 Cybersecurity Insights Report

October 18, 2018 | Devika Jain

SANTA CLARA, Calif., October 18, 2018 – NSFOCUS, a leader in holistic hybrid security solutions, today released its H1 Cybersecurity Insights report, which highlights the observations of the NSFOCUS Threat Intelligence center, a security research organization created by NSFOCUS for implementing an intelligent security 2.0 strategy and improving the cybersecurity ecosystem. NSFOCUS analyzed traffic from January 1, 2018 to June 30, 2018.

Key findings from the H1 Cybersecurity Insights report include:

Crypto Miners

Since the end of March, the number of crypto mining activities has risen sharply compared to the beginning of 2018.

Among all crypto miners, WannaMine was the most active, responsible for more than 70 percent of all crypto mining activities detected by NSFOCUS.

Recidivist Attackers

Among more than 27 million attack sources detected by NSFOCUS in the first half of 2018, 25 percent were responsible for 40 percent of attack events. This implies that “recidivists” (attack sources found to be repeatedly linked with malicious behaviors) are more threatening than other attack sources.

The large proportion of recidivists indicates that it is a common practice among attackers to reuse attack resources. China, the USA, and Russia are home to the most “recidivists.”

Government agencies and the energy, education, and finance sectors are the most favored targets, suffering 90 percent of recidivist attacks, due to their large volume of business, extensive distribution, and more sensitive data.

IoT Impact on Attack Types

During the first six months of 2018, there were fewer new Trojan variants than botnets and worms. This is linked with the proliferation of networked hosts and IoT devices in part due to the reduction of hardware costs. Due to the high activity of backdoor programs, device and network administrators need to upgrade devices and check their configurations regularly.

Backdoor activity remained at high levels and then peaked in May at 6,000,000 before falling to more nominal levels. Backdoors are common malicious programs that can provide remote control access solely through default login interfaces of IoT devices.

DDoS Traffic

DDoS attack traffic drops sharply when the government exercises security governance during substantial events, both physical and cyber. In the first half of 2018, the amount of DDoS traffic seen in network environments in China was somewhat suppressed due to the government’s traffic governance for major events.

61 percent of DDoS attack sources have launched only DDoS attacks over a long period of time. Common DDoS attack resources include reflectors and controlled hosts or devices, whose IP addresses or IP address ranges are relatively fixed. However, about 9 percent of DDoS attack sources launch exploit attacks later.

“Looking ahead to the rest of 2018, vulnerabilities will continue to be discovered each and every day and the need to exploit those found will always be present. We’ve noticed that attackers prefer to reuse tactics and exploits, so patching regularly is critical for IT professionals,” said Guy Rosefelt, Director, Threat Intelligence & Web Security, NSFOCUS. “We also believe DDoS traffic will remain a great scourge on the Internet. Arguably, most hackers are capable of causing enormous amounts of traffic and their capability is increasing, which will continue to be a great challenge to defenders and security governance personnel.”

NSFOCUS, Inc. is a wholly owned subsidiary of NSFOCUS Information Technology Co. Ltd., an award-winning enterprise application and network security provider, with operations in the Americas, Europe, the Middle East and Asia Pacific. NSFOCUS, Inc. has a proven track record of combatting the increasingly complex cyber threat landscape through the creation and implementation of multi-layered defense systems. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified, dynamic protection from advanced cyber threats.

NSFOCUS has eighteen years of success and experience working with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS IB has technology and channel partners in more than 60 countries, and is a winner of the Microsoft Bug Bounty Program for 6 consecutive years, a member of the Microsoft Active Protections Program (MAPP), StopBadware.org, and the Cloud Security Alliance (CSA).

Enterprise- and carrier-grade products undergo rigorous evaluation and testing to Veracode VL4 and ISO 27001 certification, delivering powerful and effective cyber security protection combined with advanced threat analytics and intrusion prevention and detection capabilities that can be deployed in the most secure environments.

A research arm, the NSFOCUS Security Labs, is a renowned technical research center that tracks and analyzes global intelligence while identifying new network vulnerabilities and security trends.